Understanding The Need for Cloud Security Tools & Cloud Security Risks
Recently Chenxi Wang, our Chief Strategy Officer, met with Peerlyst Perspectives from peerlyst.com to discuss common cloud security risks and the cloud security tools available to developers to move from development to production more securely. Peerlyst is a community of IT security professionals who really know their stuff, so we were honored when they asked us to come and talk about the need for further cloud security tools in the cloud security space. Cloud security tools like Twistlock are something DevOps teams have a growing need for, but many don’t understand why. In this interview we break down critical cloud security risks, threats and vulnerabilities in today’s ecosystem, including lack of application management in the cloud. We’ll also cover the basics, such as what containers are and how to secure them.
Peerlyst Perspectives: Cloud Security
What are the most critical security threats to data in the Cloud today?
Well, the most critical threat to data is essentially the level of management that the enterprise has, management control to data. Once it goes outside of your infrastructure you have all the tools and all the visibility in place to ensure that your policies are carried forth into the Cloud infrastructure, and that’s where you sort of need additional visibility, additional tools to help you. Not everyone has the capability to do that, and that’s the most critical threat in my opinion.
Other than lack of cloud security tools, what concerns you about cloud security?
Well, I talk about the lack of control, lack of management, and it also continues to be the case that the user is the weakest link. When you add Cloud in the equation, what happens is users really want access to that platform anywhere, and that’s what Cloud is good for, right, being available and accessible from any location. It adds another layer of complexity: that means users can use different devices, whatever they are, to access the Cloud, and they may be coming through an untrusted wireless network. All these are issues you didn’t have before when you just used the IT infrastructure and they are using IT to proof the device within your network to access whatever servers. So that adds another layer of complexity and that becomes another issue for protecting data.
Can we talk about containers in the Cloud?
Sure, containers really are an infrastructure-level concept. What that means is you’re able to run a specific application inside a container, and a container is nothing but a collection of application files and system libraries all patched together, so you can actually run them on a server on premises and you can move them to a server in AWS on OpenStack. It’s a portable concept and it’s also a packaged application concept, and it enables this new part of technical microservices. So microservices, as opposed to the traditional monolithic applications, is that the application is broken up into these little packages and you can throw them anywhere and they can work together; you can change one of them out and they still work, and it’s very agile, very portable.
How do you secure the containers in the Cloud?
Containers, in the beginning, were designed to be the Linux containers, and the concept is not designed to have multi-tenancy, so they’re not as strongly isolated as you would be with virtual machines. Hence if you run them in the multi-tenancy volume you may have security concerns. So today Docker, for instance, is adding a whole bunch of security assurance and guarantees to the container platform, so they have really pushed forward the frontiers in security, and other ecosystem players, including us, are augmenting on top to allow enterprises the traditional controls that they’re used to.
For more information about the cloud security tools provided by Twistlock check out our Trust and Runtime features. Get a free demo of our platform or try our free container security developer edition.